1. Field of the Invention
The present invention is related to a method and a system for verifying security data, more particularly, to a method using an authentication server to provide an additional verification process onto the original transaction process, and a system thereof, and also a computer-readable storage device.
2. Description of Related Art
Identity verification is one adequate mechanism provided for a user to access a service such as shopping or other transaction rendered by a server over a network. In general, the service member will be required to logon the server using his registered account and password. However, many safer verifying methods have been developed since conventional verifications do not comply with serious security requirements. For example, one aspect of dynamic password technology allows the user to acquire a unique dynamic password using a Token with which he instantly accesses a service. This kind of dynamic password will be invalid as it merely applies for this instant service.
Moreover, along with the widespread applications made for mobile devices, some technologies have been developed to perform the identity verification similar to the conventional Token. One of the technologies is to provide a service cooperating with a telecommunication company, in which, when the user logons for a specific service, the server first obtains the logon data. The telecommunication company acts as an authentication provider when it sends a password to the user with its SMS service. The password is provided for the user to fill in using an interface and successfully logon the service. It is noted that this type of dynamic password is often adopted by a gaming system or cyber banking system.